Companies unclear on credit-card security requirements

More than half of the IT professionals in a recent survey said their companies do not fully understand the requirements mandated by the Payment Card Industry (PCI) Data Security Standard.

Visa, MasterCard International, and other payment card companies require merchants and others who process credit-card transactions to comply with the PCI standard for protecting cardholder data.

A survey of 65 IT professionals by encryption firm Protegrity showed that 53.9 percent do not believe their companies are entirely clear about the PCI requirements, or other regulations such as Sarbanes-Oxley and HIPAA.

Merchants processing more than 20,000 credit-card transactions per year faced a Thursday deadline to comply with the PCI standard. Non-compliance can result in fines and loss of the ability to handle credit-card transactions.

Both Visa and MasterCard have said that payment processor CardSystems Solutions was out of compliance with their security requirements. About 40 million credit cards of all brands were exposed to potential fraud when an attacker broke into CardSystems Solutions' network.

Last week, SC Magazine reported a class-action lawsuit has been filed in California on behalf of credit-card holders and merchants against CardSystems Solutions, Visa, and MasterCard after the security breach that exposed 40 million credit cards to potential fraud.
